Spyworks 8.0 Anti-Spyware Technology

I wrote the article "SpyWorks is not Spyware" to address confusion that sometimes arose among customers who were (rightly) concerned by the presence of files with the word "spy" in their names, and also to respond to anti-virus vendors who would occasionally include a SpyWorks component in their list of dangerous components and remove it (thus breaking an innocent application).

SpyWorks was, of course, named during a more innocent age - back when the Internet was a plaything for academics rather than a fundamental part of everyone's life. As a low level toolkit, the product provides many capabilities and unfortunately some of them have proven to be useful to spyware authors (as are the underlying operating features that SpyWorks uses).

For version 8.0 of SpyWorks, in addition to a new more robust hook engine, we wanted to address this issue. We did so by incorporating new anti-spyware technology into SpyWorks itself.

What's in a Name?

The first change we made is actually low tech. Since a large part of the misunderstanding was due to the presence of the word "spy" in the component file names, we renamed all of the components. In the version information, anywhere we mention SpyWorks, we include the term "with anti-spyware technology" as well.

Obviously this change alone won't prevent spyware authors from using our components, but it will hopefully reduce the number of misunderstandings among both end-users and anti-virus vendors.

When Less Functionality is a Good Thing

The major change to SpyWorks is in its message processing. As long as you are hooking or subclassing your own application, there is no change in behavior. However, when a SpyWorks component hooks into another process, certain functionality is now disabled. Specifically:

When subclassing a text box that has the password style bit set, no characters are returned.

When subclassing a browser window (for common browsers), no characters are returned.

Keep in mind, these restrictions only apply for out of process hooks and subclassing. So this won't prevent you from doing anything within your own application or component, or even a browser plug-in (which is typically an in-process DLL).

What these restrictions will do, we believe, is make the product considerably less attractive to spyware authors who are looking to capture keystrokes used on browser sessions, or password information. At the same time, we feel this will not compromise the usefulness of the product for legitimate users.

Breaking Changes

Between renaming components and changing their names, it should be obvious that the SpyWorks 8 components are not drop-in replacements for the current SpyWorks components. To use them you do have to replace the components in your applications, copy the property values, and rebuild your applications. The good news is that the properties and methods remain identical (even though functionality is slightly changed), so the effort to convert is minor. The other good news is that installation of SpyWorks 8 or use of its components will not interfere with existing applications that use previous versions of SpyWorks - it is a functionally distinct product.

Conclusion

SpyWorks has long been the premier low-level toolkit for VB6 and now .NET developers. SpyWorks 8 continues in this tradition, providing the latest features to both .NET developers and those still involved in development and maintenance of COM VB6 applications.

For notification when new articles are available, sign up for Desaware's Newsletter.